Once ScaleDrone has been added SCALEDRONE_CHANNEL_ID and SCALEDRONE_CHANNEL_SECRET settings will be available in the app configuration and will contain the channel’s ID and channel’s secret. This can be confirmed using the heroku config:get command.

After installing ScaleDrone the application should be configured to fully integrate with the add-on.

Local setup

Environment setup

After provisioning the add-on it’s necessary to locally replicate the config vars so your development environment can operate against the service.

Though less portable it’s also possible to set local environment variables using export SCALEDRONE_CHANNEL_ID=value and export SCALEDRONE_CHANNEL_SECRET=value.

Use the Heroku Local command-line tool to configure, run and manage process types specified in your app’s Procfile. Heroku Local reads configuration variables from a .env file. To view all of your app’s config vars, type heroku config. Use the following command for each value that you want to add to your .env file.

Authentication

By default, ScaleDrone apps don’t require authentication. This can be turned on from ScaleDrone’s dashboard that you can access from your app’s addons page.

JSON Web Token

Both JavaScript and REST connections can be authenticated using JSON Web Tokens (JWT). The token is encoded using your channel’s secret.
There are JWT libraries for most programming languages and it is relatively easy to implement yourself.

JWT Header

JSON Web Tokens (JWT) has to be encoded with HMAC using SHA-256 (HS256). The decoded header always looks like this:

{"alg": "HS256", "typ": "JWT"}

JWT Payload

JWT’s payload uses the common exp JWT claim and some of ScaleDrone’s specific claims. An example decoded JWT payload looks like this:

The client connection’s ID provided by the JavaScript client after the 'open’ event

channel

✔

Channel’s ID that the token is for

permissions

✔

A regular expression hash that defines permissions of the connection

exp

✔

Unix timestamp expiration time after which the token will not be accepted for processing

Permissions

The permissions claim is used to define which rooms the authenticated user can subscribe or publish to. It is possbile to define very detailed permission rules using regular expressions.
ScaleDrone uses the popular Perl regular expressions syntax used by most programming languages.